<?php
/* FILE: process_show_security.php
 * DESCRIPTION: Process called when user presses reset password button on password_reset.php
 * POST DATA: user_email
 * GET DATA: N/A
 */
 
	include('config.inc');
	include('includes/functions.php');
	
	$email = $_POST['user_email'];
	
	//If email is blank, throw error
	if($email == "")
	{
		header('Location: password_reset.php?err=noemail');
	}
	//If email is not an email address, throw error
	else if(!validateEmailAddress($email))
	{
		header('Location: password_reset.php?err=bademail');
	}
	//Otherwise fetch user info
	else
	{
		$emailQuery = 
			"SELECT * FROM user WHERE user_email = '"
			. mysql_real_escape_string($email)
			. "';";
		
		if(!$emailResult = mysql_query($emailQuery))
			die("Error retrieving user information.");
		//Email address found, go to security question
		if(mysql_num_rows($emailResult) == 1)
		{
			$userInfo = mysql_fetch_array($emailResult);
			header('Location: security_questions.php?cd=' 
				. mysql_real_escape_string($userInfo[4])
				. '&un='
				. mysql_real_escape_string($userInfo[0]));
		}
		//Address not found, throw error and go back to password reset page
		else
		{
			header('Location: password_reset.php?err=adne');
		}
	}
?>